55 lines
1.3 KiB
YAML
55 lines
1.3 KiB
YAML
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: authentik-proxy-provider
|
|
namespace: traefik
|
|
spec:
|
|
forwardAuth:
|
|
address: http://ak-outpost-dmz-embedded-output.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-authentik-username
|
|
- X-authentik-groups
|
|
- X-authentik-email
|
|
- X-authentik-name
|
|
- X-authentik-uid
|
|
- X-authentik-jwt
|
|
- X-authentik-meta-jwks
|
|
- X-authentik-meta-outpost
|
|
- X-authentik-meta-provider
|
|
- X-authentik-meta-app
|
|
- X-authentik-meta-version
|
|
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: whitelist
|
|
namespace: traefik
|
|
spec:
|
|
ipWhiteList:
|
|
sourceRange:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/12
|
|
- 10.0.0.0/8
|
|
|
|
---
|
|
#apiVersion: traefik.io/v1alpha1
|
|
#kind: Middleware
|
|
#metadata:
|
|
# name: bouncer
|
|
# namespace: traefik
|
|
#spec:
|
|
# plugin:
|
|
# bouncer:
|
|
# enabled: true
|
|
# crowdsecMode: stream
|
|
# crowdsecLapiScheme: https
|
|
# crowdsecLapiTLSInsecureVerify: true
|
|
# crowdsecLapiHost: crowdsec-service.crowdsec:8080
|
|
# crowdsecLapiKey:
|
|
# valueFrom:
|
|
# secretKeyRef:
|
|
# name: crowdsec-lapi-key
|
|
# key: lapi-key
|